Technology and Cybersecurity Blog

Information technology moves fast, but some books and texts have a longer and more relevant shelf-life than others. Here are some of my picks that I would want cybersecurity analysts to read and keep handy at all times. These picks won't satisfy everyone or meet every need, but they do address cybersecurity from risk management to incident response. Hopefully, you find these helpful... I have. [MORE]

The challenge is to implement and configure tools in the Windows operating system that are already part of Windows or owned by Microsoft (i.e. free to use, but from a trusted source) that collect and log these observable artifacts on a host over time for incident detection and analysis. Sysmon is a unique tool in that it is able to collect most of the relevant STIX Cyber Observables, and it is provided by Microsoft free of charge. [MORE]

Many analysts rely on the open source and paid Snort/Suricata rulesets for their intrusion detection systems (IDS). You would hope that, before applying any rule, the analyst has reviewed it and made sure it is applicable to the environment, based on where the IDS sensor sits in the network and what the rule is looking for. However, we do know that most analysts apply the thousands of rules first and deal with the false positives afterwards. Therefore, I wrote a Python script that parses all the rules in a ruleset and then generates reports to help analysts determine which ports, IPs, protocols and content are covered by the ruleset. By doing this type of review, analysts can identify categories of rules they should disable from the start, or may determine that the ruleset fails to cover certain types of activity. For more information, check out the GitHub repository here.

I have had this keyboard for over a month now. There are a few reasons why I got this keyboard, and it has met my expectations. However, there are some compromises you are going to make if you want to use it long-term. [MORE]